[MacPorts] #52655: tor-devel updated to 0.2.9.4-alpha (includes security fix)

Wed Oct 19 16:20:12 CEST 2016

#52655: tor-devel updated to 0.2.9.4-alpha (includes security fix)
-----------------------------+---------------------------------
  Reporter:  macports.org@…  |      Owner:  macports-tickets@…
      Type:  update          |     Status:  new
  Priority:  Normal          |  Milestone:
 Component:  ports           |    Version:
Resolution:                  |   Keywords:  haspatch maintainer
      Port:  tor-devel       |
-----------------------------+---------------------------------
Description changed by larryv@…:

Old description:

> https://blog.torproject.org/blog/tor-0294-alpha-released-important-fixes
>
> > Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor
> > that would allow a remote attacker to crash a Tor client, hidden
> > service, relay, or authority. All Tor users should upgrade to this
> > version, or to 0.2.8.9. Patches will be released for older versions of
> > Tor.
> >
> > - Major features (security fixes):
> >   - Prevent a class of security bugs caused by treating the contents
> >     of a buffer chunk as if they were a NUL-terminated string. At
> >     least one such bug seems to be present in all currently used
> >     versions of Tor, and would allow an attacker to remotely crash
> >     most Tor instances, especially those compiled with extra compiler
> >     hardening. With this defense in place, such bugs can't crash Tor,
> >     though we should still fix them as they occur. Closes ticket 20384
> >     (TROVE-2016-10-001).

New description:

 https://blog.torproject.org/blog/tor-0294-alpha-released-important-fixes

 > Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor
 > that would allow a remote attacker to crash a Tor client, hidden
 > service, relay, or authority. All Tor users should upgrade to this
 > version, or to 0.2.8.9. Patches will be released for older versions of
 > Tor.
 >
 > - Major features (security fixes):
 >   - Prevent a class of security bugs caused by treating the contents
 >     of a buffer chunk as if they were a NUL-terminated string. At
 >     least one such bug seems to be present in all currently used
 >     versions of Tor, and would allow an attacker to remotely crash
 >     most Tor instances, especially those compiled with extra compiler
 >     hardening. With this defense in place, such bugs can't crash Tor,
 >     though we should still fix them as they occur. Closes ticket
 >     [https://bugs.torproject.org/20384 20384] (TROVE-2016-10-001).

--

-- 
Ticket URL: <https://trac.macports.org/ticket/52655#comment:4>
MacPorts <https://www.macports.org/>
Ports system for the Mac operating system